The Meaty Bugler.

Not quite as bad as a golf podcast

September 27th, 2020

How to replace OpenSSH with Dropbear on Raspberry Pi OS Buster

OpenSSH is the default SSH server/client on Raspberry Pi OS (formerly known as Raspbian), but on systems where RAM is at a premium - the Raspberry Pi 3 Model A+ or Raspberry Pi Zero W, for example - saving memory can be important. One simple way to do this is by replacing OpenSSH with a similar but more lightweight SSH program called Dropbear. Here’s how:

First, install Dropbear:

sudo apt-get install dropbear

Answer yes at the prompt by pressing enter. Next, edit the Dropbear configuration file with:

sudo nano /etc/default/dropbear

and change the line

NO_START=1

to

NO_START=0

save the file with ctrl-o > enter > ctrl-x.

Now stop OpenSSH (if you have accessed your Pi with SSH, you won’t lose your connection):

sudo systemctl stop sshd.service

Now enable and start Dropbear with:

sudo systemctl enable dropbear.service

followed by:

sudo systemctl start dropbear.service

At this point it is safe to disable OpenSSH with

sudo systemctl disable sshd.service

Optionally, reboot your Raspberry Pi:

sudo reboot

Next time you SSH to your Pi you will probably see a message that says:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

This is because, when it was installed, Dropbear generated a new SSH key. Delete the old key with

ssh-keygen -R ip.address.of.pi

and SSH to your Pi again.

Once you’re sure everything is working properly, and if you want to, you can remove openssh-server:

sudo apt-get purge openssh-server